An official website of the United States government
Communication networks in power systems are a major part of the smart grid paradigm. It enables and facilitates the automation of power grid operation as well as self-healing in contingencies. Such dependencies on communication networks, though, create a roam for cyber-threats. An adversary can launch an attack on the communication network, which in turn reflects on power grid operation. Attacks could be in the form of false data injection into system measurements, flooding the communication channels with unnecessary data, or intercepting messages. Using machine learning-based processing on data gathered from communication networks and the power grid is a promising solution for detecting cyber threats. In this paper, a co-simulation of cyber-security for cross-layer strategy is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection as well as identification of anomalies in the operation of the power grid. The framework is implemented on the IEEE 118-bus system. The system is constructed in Mininet to simulate a communication network and obtain data for analysis. A distributed three controller software-defined networking (SDN) framework is proposed that utilizes the Open Network Operating System (ONOS) cluster. According to the findings of our suggested architecture, it outperforms a single SDN controller framework by a factor of more than ten times the throughput. This provides for a higher flow of data throughout the network while decreasing congestion caused by a single controller’s processing restrictions. Furthermore, our CECD-AS approach outperforms state-of-the-art physics and machine learning-based techniques in terms of attack classification. The performance of the framework is investigated under various types of communication attacks.
more »
« less
Cross‐layered distributed data‐driven framework for enhanced smart grid cyber‐physical security
Abstract Smart Grid (SG) research and development has drawn much attention from academia, industry and government due to the great impact it will have on society, economics and the environment. Securing the SG is a considerably significant challenge due the increased dependency on communication networks to assist in physical process control, exposing them to various cyber‐threats. In addition to attacks that change measurement values using False Data Injection (FDI) techniques, attacks on the communication network may disrupt the power system's real‐time operation by intercepting messages, or by flooding the communication channels with unnecessary data. Addressing these attacks requires a cross‐layer approach. In this paper a cross‐layered strategy is presented, called Cross‐Layer Ensemble CorrDet with Adaptive Statistics(CECD‐AS), which integrates the detection of faulty SG measurement data as well as inconsistent network inter‐arrival times and transmission delays for more reliable and accurate anomaly detection and attack interpretation. Numerical results show that CECD‐AS can detect multiple False Data Injections, Denial of Service (DoS) and Man In The Middle (MITM) attacks with a high F1‐score compared to current approaches that only use SG measurement data for detection such as the traditional physics‐based State Estimation, ECD‐AS strategy and other machine learning classification‐based detection schemes.
more »
« less
- Award ID(s):
- 1809739
- PAR ID:
- 10367597
- Publisher / Repository:
- DOI PREFIX: 10.1049
- Date Published:
- Journal Name:
- IET Smart Grid
- Volume:
- 5
- Issue:
- 6
- ISSN:
- 2515-2947
- Format(s):
- Medium: X Size: p. 398-416
- Size(s):
- p. 398-416
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
We address the security of a network of Connected and Automated Vehicles (CAVs) cooperating to safely navigate through a conflict area (e.g., traffic intersections, merging roadways, roundabouts). Previous studies have shown that such a network can be targeted by adversarial attacks causing traffic jams or safety violations ending in collisions. We focus on attacks targeting the V2X communication network used to share vehicle data and consider as well uncertainties due to noise in sensor measurements and communication channels. To combat these, motivated by recent work on the safe control of CAVs, we propose a trust-aware robust event-triggered decentralized control and coordination framework that can provably guarantee safety. We maintain a trust metric for each vehicle in the network computed based on their behavior and used to balance the tradeoff between conservativeness (when deeming every vehicle as untrustworthy) and guaranteed safety and security. It is important to highlight that our framework is invariant to the specific choice of the trust framework. Based on this framework, we propose an attack detection and mitigation scheme which has twofold benefits: (i) the trust framework is immune to false positives, and (ii) it provably guarantees safety against false positive cases. We use extensive simulations (in SUMO and CARLA) to validate the theoretical guarantees and demonstrate the efficacy of our proposed scheme to detect and mitigate adversarial attacks.more » « less
-
A vehicular communication network allows vehicles on the road to be connected by wireless links, providing road safety in vehicular environments. Vehicular communication network is vulnerable to various types of attacks. Cryptographic techniques are used to prevent attacks such as message modification or vehicle impersonation. However, cryptographic techniques are not enough to protect against insider attacks where an attacking vehicle has already been authenticated in the network. Vehicular network safety services rely on periodic broadcasts of basic safety messages (BSMs) from vehicles in the network that contain important information about the vehicles such as position, speed, received signal strength (RSSI) etc. Malicious vehicles can inject false position information in a BSM to commit a position falsification attack which is one of the most dangerous insider attacks in vehicular networks. Position falsification attacks can lead to traffic jams or accidents given false position information from vehicles in the network. A misbehavior detection system (MDS) is an efficient way to detect such attacks and mitigate their impact. Existing MDSs require a large amount of features which increases the computational complexity to detect these attacks. In this paper, we propose a novel grid-based misbehavior detection system which utilizes the position information from the BSMs. Our model is tested on a publicly available dataset and is applied using five classification algorithms based on supervised learning. Our model performs multi-classification and is found to be superior compared to other existing methods that deal with position falsification attacks.more » « less
-
Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we proposed a novel solution to this problem based on measurement data in the supervisory control and data acquisition (SCADA) system. The proposed approach is called measurement intrusion detection system (MIDS), which enables the system to detect any abnormal activity in the system even if the attacker tries to conceal it in the system’s control layer. A supervised machine learning model is generated to classify normal and abnormal activities in an ICS to evaluate the MIDS performance. A hardware-in-the-loop (HIL) testbed is developed to simulate the power generation units and exploit the attack dataset. In the proposed approach, we applied several machine learning models on the dataset, which show remarkable performances in detecting the dataset’s anomalies, especially stealthy attacks. The results show that the random forest is performing better than other classifier algorithms in detecting anomalies based on measured data in the testbed.more » « less
-
This paper presents a deep learning based multi-label attack detection approach for the distributed control in AC microgrids. The secondary control of AC microgrids is formulated as a constrained optimization problem with voltage and frequency as control variables which is then solved using a distributed primal-dual gradient algorithm. The normally distributed false data injection (FDI) attacks against the proposed distributed control are then designed for the distributed gener-ator's output voltage and active/reactive power measurements. In order to detect the presence of false measurements, a deep learning based attack detection strategy is further developed. The proposed attack detection is formulated as a multi-label classification problem to capture the inconsistency and co-occurrence dependencies in the power flow measurements due to the presence of FDI attacks. With this multi-label classification scheme, a single model is able to identify the presence of different attacks and load change simultaneously. Two different deep learning techniques are compared to design the attack detector, and the performance of the proposed distributed control and the attack detector is demonstrated through simulations on the modified IEEE 34-bus distribution test system.more » « less
